| Name | CVE-2018-17451 |
| Description | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gitlab | source | experimental | 11.1.8+dfsg-1 | | | |
| gitlab | source | stretch | (not affected) | | | |
| gitlab | source | (unstable) | 11.1.8+dfsg-2 | | | |
[stretch] - gitlab <not-affected> (Only affects 9.4 and later)
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/